British Airways Executive Club Members May Have Fallen Victim to a Hack and Potential Identity Theft
When most people think about being “hacked,” they assume that you are talking about their credit cards or their email accounts – but frequent flier miles? Not so much. Yet British Airways recently sent a letter to a number of Executive Cub members informing them that they have experienced some “unauthorised activity” on their accounts. As a result, BA has temporarily suspended all Club members’ Avios points, or frequent flier miles, though the airline does say that anyone who wishes to spend those points can do so by calling them and answering some security questions, after which the airline will reactivate an account. The reasons behind the hack are still unclear. The letter goes on to say the hack:
“appears to have been the result of a third part using information obtained elsewhere on the internet, via an automated process, to gain access to your Executive Club account. We understand this was login information relating to a different online service which you may have also used to access your Executive Club account. We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.”
The airline then recommends that members change their passwords and provides a link to do so, though one source claims British Airways “should never have included a clickable link when they invited you to reset your password, as that’s a classic trick used by criminals phishing for login credentials.”
No new information has come forth, but at Paulson & Nace, PLLC we are monitoring this case for more details regarding how the hack was allowed to be perpetrated.
If you are a member of British Airways’ Executive Club, or have experienced a similar situations involving another company’s frequents flier miles or reward points, we want to know. Please contact Attorney Jonathan Nace, a Certified US Information Privacy Professional uniquely equipped to offer counsel in such matters.
Christopher T. Nace works in all practice areas of the firm, including medical malpractice, birth injury, drug and product liability, motor vehicle accidents, wrongful death, and other negligence and personal injury matters.
Read more about Christopher T. Nace.